Border Gateway Protocol Hijacking

Nick Beattie
Networking & Security
April 11th, 2011


What is the Border Gateway Protocol? And how can it be hijacked?


“I went around screaming my head about this about ten or twelve years ago…. We described this to intelligence agencies and to the National Security Council, in detail.”

- Peiter “Mudge” Zatko, 1998 Congress

h@ck3r
Defense Advanced Research Projects Agency – Program Manager


“There’s no vulnerabilities, no protocol errors, there are no software problems. The problem arises (from) the level of interconnectivity that’s needed to maintain this mess, to keep it all working.”


Why? It’s necessary.


Theory

Practice

Traffic routed towards DefCon – Las Vegas

Traffic rerouted back to DefCon – Las Vegas

Traffic routed through servers in New York City


YouTube: Pakistan’s Black Hole


China Telecom’s 18 minutes of fame


• 170 Countries
• 50,000 IP Blocks
  – 15% of the Internet

• .com, .net, .org, .gov, .mil
• Email
• Instant messaging
• Web requests

50,000 IP Blocks

China Telecom

Intended Destination


Worth Noting

• What could they find in those 18 minutes? What type of processing power does China have?
• Why didn’t China Telecom buckle under the increased Internet traffic?
• What does this mean is possible?
• Corporate espionage
• Nation-state spying
• Mining data without permission from ISPs


Security Needed

• Secure BGP
• Digital signatures and validation
• Routers need more memory and processing power
• Trust is not enough

Who will pay?


Questions about BGP
